Simplify deployment and use api-gw for static content

Author: [email protected]

api-gateway/src/main/docker/Dockerfile

@@ -1,4 +1,19 @@
-FROM kong:0.14-centos
+FROM kong:1.1rc1-centos
 LABEL description="Centos 7 + Kong 0.14 + kong-oidc plugin"
+#RUN USER=root usermod -a -G root kong
+
 RUN yum install -y git unzip && yum clean all
 RUN USER=root luarocks install kong-oidc
+RUN yum install -y dos2unix
+
+COPY ./docker-entrypoint.sh /docker-entrypoint.sh
+RUN dos2unix /docker-entrypoint.sh
+RUN chmod 777 /docker-entrypoint.sh
+
+COPY ./nginx-custom-static-sso.template  /usr/local/kong/template/nginx-custom-static-sso.template
+
+COPY ./config-kong.sh /tmp
+RUN dos2unix /tmp/config-kong.sh
+RUN chmod 777 /tmp/config-kong.sh
+
+

api-gateway/src/main/docker/config-kong.sh

@@ -0,0 +1,12 @@
+#Creates the services.
+curl -S -s -i -X POST --url http://api-gateway:8001/services --data "name=counterparty-service" --data "url=http://counterparty-service:8080/counterparties"
+curl -S -s -i -X POST --url http://api-gateway:8001/services --data "name=instrument-service" --data "url=http://instrument-service:8080/instrument"
+curl -S -s -i -X POST --url http://api-gateway:8001/services --data "name=valuation-service" --data "url=http://valuation-service:8080/valuation"
+curl -S -s -i -X POST --url http://api-gateway:8001/services --data "name=regulatory-service" --data "url=http://regulatory-service:8080/regulatory"
+#Creates the routes
+curl -S -s -i -X POST  --url http://api-gateway:8001/services/counterparty-service/routes --data "paths[]=/api/v1/counterparty" 
+curl -S -s -i -X POST  --url http://api-gateway:8001/services/instrument-service/routes   --data "paths[]=/api/v1/instrument" 
+curl -S -s -i -X POST  --url http://api-gateway:8001/services/valuation-service/routes    --data "paths[]=/api/v1/valuation" 
+curl -S -s -i -X POST  --url http://api-gateway:8001/services/regulatory-service/routes   --data "paths[]=/api/v1/regulatory" 
+#Enable the Open ID Plugin
+curl -S -s -i -X POST  --url http://api-gateway:8001/plugins --data "name=oidc" --data "config.client_id=api-gateway" --data "config.client_secret=798751a9-d274-4335-abf6-80611cd19ba1" --data "config.discovery=https%3A%2F%2Ffinancial-app.com%2Fauth%2Frealms%2Fmaster%2F.well-known%2Fopenid-configuration"

api-gateway/src/main/docker/docker-entrypoint.sh

@@ -0,0 +1,36 @@
+#!/bin/sh
+set -e
+
+export KONG_NGINX_DAEMON=off
+
+has_transparent() {
+  echo "$1" | grep -E "[^\s,]+\s+transparent\b" >/dev/null
+}
+
+if [[ "$1" == "kong" ]]; then
+  PREFIX=${KONG_PREFIX:=/usr/local/kong}
+
+  if [[ "$2" == "docker-start" ]]; then
+    shift 2
+    kong prepare -p "$PREFIX" "$@"
+    chown -R kong "$PREFIX"
+
+    # workaround for https://github.com/moby/moby/issues/31243
+    chmod o+w /proc/self/fd/1
+    chmod o+w /proc/self/fd/2
+
+    if [ ! -z ${SET_CAP_NET_RAW} ] \
+        || has_transparent "$KONG_STREAM_LISTEN" \
+        || has_transparent "$KONG_PROXY_LISTEN" \
+        || has_transparent "$KONG_ADMIN_LISTEN";
+    then
+      setcap cap_net_raw=+ep /usr/local/openresty/nginx/sbin/nginx
+    fi
+
+    exec su-exec root /usr/local/openresty/nginx/sbin/nginx \
+      -p "$PREFIX" \
+      -c nginx.conf
+  fi
+fi
+
+exec "$@"

api-gateway/src/main/docker/nginx-custom-static-sso.template

@@ -0,0 +1,211 @@
+# ---------------------
+# custom_nginx.template
+# ---------------------
+
+worker_processes ${{NGINX_WORKER_PROCESSES}}; # can be set by kong.conf
+daemon ${{NGINX_DAEMON}};                     # can be set by kong.conf
+
+pid pids/nginx.pid;                      # this setting is mandatory
+error_log logs/error.log ${{LOG_LEVEL}}; # can be set by kong.conf
+events {}
+
+http {
+ 	charset UTF-8;
+	error_log ${{PROXY_ERROR_LOG}} ${{LOG_LEVEL}};
+	client_max_body_size ${{CLIENT_MAX_BODY_SIZE}};
+	proxy_ssl_server_name on;
+	underscores_in_headers on;
+	lua_package_path '${{LUA_PACKAGE_PATH}};;';
+	lua_package_cpath '${{LUA_PACKAGE_CPATH}};;';
+	lua_socket_pool_size ${{LUA_SOCKET_POOL_SIZE}};
+	lua_max_running_timers 4096;
+	lua_max_pending_timers 16384;
+	lua_shared_dict kong                5m;
+	lua_shared_dict kong_db_cache       ${{MEM_CACHE_SIZE}};
+	lua_shared_dict kong_db_cache_miss 12m;
+	lua_shared_dict kong_locks          8m;
+	lua_shared_dict kong_process_events 5m;
+	lua_shared_dict kong_cluster_events 5m;
+	lua_shared_dict kong_healthchecks   5m;
+	lua_shared_dict kong_rate_limiting_counters 12m;
+	lua_socket_log_errors off;
+	
+> if lua_ssl_trusted_certificate then
+	lua_ssl_trusted_certificate '${{LUA_SSL_TRUSTED_CERTIFICATE}}';
+> end
+	lua_ssl_verify_depth ${{LUA_SSL_VERIFY_DEPTH}};
+	# injected nginx_http_* directives
+> for _, el in ipairs(nginx_http_directives)  do
+	$(el.name) $(el.value);
+> end
+	init_by_lua_block {
+	    Kong = require 'kong'
+	    Kong.init()
+	}
+	init_worker_by_lua_block {
+	    Kong.init_worker()
+	}
+> if #proxy_listeners > 0 then
+	upstream kong_upstream {
+	    server 0.0.0.1;
+	    balancer_by_lua_block {
+	        Kong.balancer()
+	    }
+> if upstream_keepalive > 0 then
+    keepalive ${{UPSTREAM_KEEPALIVE}};
+> end
+	}
+	server {
+	    server_name kong;
+> for i = 1, #proxy_listeners do
+    listen $(proxy_listeners[i].listener);
+> end
+	    error_page 400 404 408 411 412 413 414 417 494 /kong_error_handler;
+	    error_page 500 502 503 504 /kong_error_handler;
+	    access_log ${{PROXY_ACCESS_LOG}};
+	    error_log ${{PROXY_ERROR_LOG}} ${{LOG_LEVEL}};
+	    client_body_buffer_size ${{CLIENT_BODY_BUFFER_SIZE}};
+> if proxy_ssl_enabled then
+    ssl_certificate ${{SSL_CERT}};
+    ssl_certificate_key ${{SSL_CERT_KEY}};
+    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
+    ssl_certificate_by_lua_block {
+        Kong.ssl_certificate()
+    }
+    ssl_session_cache shared:SSL:10m;
+    ssl_session_timeout 10m;
+    ssl_prefer_server_ciphers on;
+    ssl_ciphers ${{SSL_CIPHERS}};
+> end
+> if client_ssl then
+    proxy_ssl_certificate ${{CLIENT_SSL_CERT}};
+    proxy_ssl_certificate_key ${{CLIENT_SSL_CERT_KEY}};
+> end
+    real_ip_header     ${{REAL_IP_HEADER}};
+    real_ip_recursive  ${{REAL_IP_RECURSIVE}};
+> for i = 1, #trusted_ips do
+    set_real_ip_from   $(trusted_ips[i]);
+> end
+    # injected nginx_proxy_* directives
+> for _, el in ipairs(nginx_proxy_directives) do
+    $(el.name) $(el.value);
+> end
+	
+	    location / {
+			root /www/data;
+		}
+	   
+	    
+	    location /auth/ {
+	        proxy_pass          http://iam:8080/auth/;
+	        proxy_set_header    Host               $host;
+	        proxy_set_header    X-Real-IP          $remote_addr;
+	        proxy_set_header    X-Forwarded-For    $proxy_add_x_forwarded_for;
+	        proxy_set_header    X-Forwarded-Host   $host;
+	        proxy_set_header    X-Forwarded-Server $host;
+	        proxy_set_header    X-Forwarded-Port   $server_port;
+	        proxy_set_header    X-Forwarded-Proto  $scheme;
+     	        
+	    }
+	    
+	    
+	    location /api {
+	        default_type                     '';
+	        set $ctx_ref                     '';
+	        set $upstream_host               '';
+	        set $upstream_upgrade            '';
+	        set $upstream_connection         '';
+	        set $upstream_scheme             '';
+	        set $upstream_uri                '';
+	        set $upstream_x_forwarded_for    '';
+	        set $upstream_x_forwarded_proto  '';
+	        set $upstream_x_forwarded_host   '';
+	        set $upstream_x_forwarded_port   '';
+	        rewrite_by_lua_block {
+	            Kong.rewrite()
+	        }
+	        access_by_lua_block {
+	            Kong.access()
+	        }
+	        proxy_http_version 1.1;
+	        proxy_set_header   Host              $upstream_host;
+	        proxy_set_header   Upgrade           $upstream_upgrade;
+	        proxy_set_header   Connection        $upstream_connection;
+	        proxy_set_header   X-Forwarded-For   $upstream_x_forwarded_for;
+	        proxy_set_header   X-Forwarded-Proto $upstream_x_forwarded_proto;
+	        proxy_set_header   X-Forwarded-Host  $upstream_x_forwarded_host;
+	        proxy_set_header   X-Forwarded-Port  $upstream_x_forwarded_port;
+	        proxy_set_header   X-Real-IP         $remote_addr;
+	        proxy_pass_header  Server;
+	        proxy_pass_header  Date;
+	        proxy_ssl_name     $upstream_host;
+	        proxy_pass         $upstream_scheme://kong_upstream$upstream_uri;
+	        header_filter_by_lua_block {
+	            Kong.header_filter()
+	        }
+	        body_filter_by_lua_block {
+	            Kong.body_filter()
+	        }
+	        log_by_lua_block {
+	            Kong.log()
+	        }
+	    }
+	    location = /kong_error_handler {
+	        internal;
+	        uninitialized_variable_warn off;
+	        content_by_lua_block {
+	            Kong.handle_error()
+	        }
+	        header_filter_by_lua_block {
+	            Kong.header_filter()
+	        }
+	        body_filter_by_lua_block {
+	            Kong.body_filter()
+	        }
+	        log_by_lua_block {
+	            Kong.log()
+	        }
+	    }
+	}
+> end
+
+> if #admin_listeners > 0 then
+	server {
+	    server_name kong_admin;
+> for i = 1, #admin_listeners do
+    listen $(admin_listeners[i].listener);
+> end
+	    access_log ${{ADMIN_ACCESS_LOG}};
+	    error_log ${{ADMIN_ERROR_LOG}} ${{LOG_LEVEL}};
+	    client_max_body_size 10m;
+	    client_body_buffer_size 10m;
+> if admin_ssl_enabled then
+    ssl_certificate ${{ADMIN_SSL_CERT}};
+    ssl_certificate_key ${{ADMIN_SSL_CERT_KEY}};
+    ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
+    ssl_session_cache shared:SSL:10m;
+    ssl_session_timeout 10m;
+    ssl_prefer_server_ciphers on;
+    ssl_ciphers ${{SSL_CIPHERS}};
+> end
+	    # injected nginx_admin_* directives
+> for _, el in ipairs(nginx_admin_directives) do
+    $(el.name) $(el.value);
+> end
+	    location / {
+	        default_type application/json;
+	        content_by_lua_block {
+	            Kong.serve_admin_api()
+	        }
+	    }
+	    location /nginx_status {
+	        internal;
+	        access_log off;
+	        stub_status;
+	    }
+	    location /robots.txt {
+	        return 200 'User-agent: *\nDisallow: /';
+	    }
+	}
+> end
+}

counterparty-service/pom.xml

@@ -75,10 +75,7 @@
 			<version>5.0.10.Final</version>
 			<scope>test</scope>
 		</dependency>
-		<dependency>
-			<groupId>io.thorntail</groupId>
-			<artifactId>logstash</artifactId>
-		</dependency>
+
 
 		<dependency>
 			<groupId>com.github.dadrus.jpa-unit</groupId>

counterparty-service/src/main/resources/project-defaults.yml

@@ -1,4 +1,4 @@
-swarm:
+thorntail:
   datasources:
     data-sources:
       CounterpartyDS:
@@ -10,8 +10,4 @@ swarm:
       myh2:
         driver-class-name: org.h2.Driver
         xa-datasource-name: org.h2.jdbcx.JdbcDataSource
-        driver-module-name: com.h2database.h2
-    logstash:
-      hostname: localhost
-      port: 9300
-      level: INFO
+        driver-module-name: com.h2database.h2